| 2021-08-23 | CVE-2021-39154 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again. | 8.5 |
| 2021-07-14 | CVE-2021-36373 | When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. | 5.5 |
| 2021-07-14 | CVE-2021-36374 | When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. | 5.5 |
| 2021-07-13 | CVE-2021-36090 | When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. | 7.5 |
| 2021-05-28 | CVE-2021-29505 | Deserialization of Untrusted Data vulnerability in multiple products
XStream is software for serializing Java objects to XML and back again. | 8.8 |
| 2021-05-27 | CVE-2021-22118 | Exposure of Resource to Wrong Sphere vulnerability in multiple products
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. | 7.8 |
| 2021-03-23 | CVE-2021-21351 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again. | 9.1 |
| 2021-03-23 | CVE-2021-21350 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again. | 9.8 |
| 2021-03-23 | CVE-2021-21349 | Deserialization of Untrusted Data vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again. | 8.6 |
| 2021-03-23 | CVE-2021-21348 | Resource Exhaustion vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again. | 7.5 |